feat: implement RFC 16 to allow emergency node access (#3557)

terraform/infrastructure/gcp/main.tf

@@ -40,6 +40,7 @@ locals {
     { name = "recovery", port = "9999", health_check = "TCP" },
     { name = "join", port = "30090", health_check = "TCP" },
     var.debug ? [{ name = "debugd", port = "4000", health_check = "TCP" }] : [],
+    var.emergency_ssh ? [{ name = "ssh", port = "22", health_check = "TCP" }] : [],
   ])
   node_groups_by_role = {
     for name, node_group in var.node_groups : node_group.role => name...

terraform/infrastructure/gcp/outputs.tf

@@ -45,6 +45,11 @@ output "ip_cidr_node" {
   description = "CIDR block of the node network."
 }
 
+output "loadbalancer_address" {
+  value       = var.internal_load_balancer ? google_compute_address.loadbalancer_ip_internal[0].address : google_compute_global_address.loadbalancer_ip[0].address
+  description = "Public loadbalancer address."
+}
+
 # GCP-specific outputs
 
 output "project" {

terraform/infrastructure/gcp/variables.tf

@@ -75,3 +75,9 @@ variable "additional_labels" {
   default     = {}
   description = "Additional labels that should be given to created recources."
 }
+
+variable "emergency_ssh" {
+  type        = bool
+  default     = false
+  description = "Wether to expose the SSH port through the public load balancer."
+}